Flashback and the E-Word

Monday, 9 April 2012

Last week, after asking DF readers to report if they identified Macs infected with the Flashback drive-by attack and getting about a dozen or so positive responses, I wrote:

Via email and public Twitter replies, I’ve seen reports from about a dozen or so DF readers who’ve been hit by this. And they all seem like typical DF readers — sophisticated, experienced, if not downright expert Mac users. It’s not an epidemic, but it’s definitely real, and insidious.

The CDC’s official definition of an epidemic is: “The occurrence of more cases of disease than expected in a given area or among a specific group of people over a particular period of time.” Since some diseases become more prevalent or lethal over time, while others become less severe, the CDC must adjust its statistical models to alter the definition of what’s truly more than expected.

With 600,000 infections in a user base of 60-70 million, that means roughly 1% of all Macs worldwide have been hit by this thing, which is capable of downloading additional malware at will. […]

By comparison, the single largest Windows-based infection ever was Conficker. At its peak in 2009, it infected 7 million PCs, or about 0.7% of the total Windows installed base.

I’d say a Mac malware outbreak that is more common, on a percentage basis, than the largest-ever Windows infection [1] is without question more cases than expected, and thus, I was wrong: epidemic is indeed the right word. Cause for hysteria? No. But an epidemic? Yes.

[1] My initial resistance to describing Flashback as an “epidemic” was largely because I had assumed, incorrectly, that the worst Windows malware outbreaks infected far more than 0.7 percent of the PC installed base. Sort of a “Well, one percent is bad, but it’s not that bad” take — but it turns out one percent is record-breaking bad.